Is a private NAT gateway in front of a transit gateway possible?

Question

I have a hub and spoke style network connected with transit gateways between several different accounts. On the "hub" account, I also have a VPN that connects back to our central corporate location. The accounts all need access to resources on our corporate network, but some have overlapping IP address space. Would it be possible to use a private NAT gateway in the central account and route traffic from the transit gateway through it before it goes to the corporate VPN?

Accepted Answer

yes, it is possible to use a private NAT gateway in the central account in front of a transit gateway. You can configure the routing tables associated
with the transit gateway to route traffic destined for overlapping IP addresses through the NAT gateway before it goes to the corporate VPN. 
This setup allows you to perform NAT translation for the overlapping IP addresses, ensuring proper routing of traffic to the corporate 
network. However, ensure proper network segmentation and security measures are in place to manage traffic effectively and securely.

Hope it clarifies and if does I would appreciate answer to be accepted so that community can benefit for clarity, thanks ;)

Answer

Here are also some notes I wrote down how one could evolve different VPC configurations, including one with internal NAT gateways, and how that would help teams deploying future-proof networks independently.

https://carriagereturn.nl/aws/vpc/network/nat/2021/06/15/agile-networking.html

Is a private NAT gateway in front of a transit gateway possible?

관련 콘텐츠